Monday, October 31, 2016

New ESET research paper puts Sednit under the microscope

May you never have to know the name Sednit, for if they target you, I would bet on them, they have been around since 2004 at least, and can claim some of the most important hacks in the last few year. A lot of folks say they are affiliated with the Russian Govt. but the authors ask you to look at the facts and make up your own mind. Who ever they are representing , they are very good at what they do
from CTI Consulting http://ift.tt/2eVe2Q8
via IFTTT

The Deal and The Data: 3 Ways Cybersecurity Is Changing M&As | Legaltech News

Cyber security issues are a big part of all of our lives, and we need to be aware of it. Mergers and Acquisitions teams have always had to be able to have security teams involved in their work, CTI provided TSCM support for some of the biggest deals, in the past, now days debugging sweeps are still used, but Cyber security capabilities are much more in demand. Like any M&A team having physical security capabilities they must also have a good understanding of cyber security as well. When making a move on a firm to take them over, one of the first items to be looked is email and the security of the whole process. A firm needs to know that they can trust their communications, which means emails, text messaging, as well as file security and printer systems security. Many firms use all in one Print. copy, and scan system. What a lot of people do not realize is that all the printing, scanning, and copying done on one of these systems is stored on hard drives in the machine. One person acting as a repairman that is there to do maintenance of the machine, can either take the hard drive and replace it, or just copy the information off of it. Another method of stealing the information is using the email capability of the machine to send out emails at night of everything stored during that day.
from CTI Consulting http://ift.tt/2f60pi8
via IFTTT

Military Warns Lenovo Poses Cyber Spy Threat

Things are looking worse and worse for us poor souls using Lenovo Computers, and so far testing them has been a problem, as has setting them up to not be a problem. Like the LTE phones part of the Cyber Security Problem is in the firm ware, not the soft ware, so just resetting your computer to a new windows operating system will not solve the problem. The Australian Financial Review newspaper reported in 2013 that all of the “Five Eyes” intelligence services—those in the United States, Britain, Australia, Canadian, and New Zealand—strictly prohibit the use of Lenovo COMPUTERS over concerns about the potential for cyber espionage.
from CTI Consulting http://ift.tt/2eJQ9LF
via IFTTT

Understanding Physical Internet Infrastructure Vulnerabilities - Center for Infrastructure Protection & Homeland SecurityCenter for Infrastructure Protection & Homeland Security | George Mason University

As it says in this report: Law enforcement does not have adequate training or information to recognize suspicious activity around unprotected fiber routes and vaults. Local law enforcement is often the first line in defending critical infrastructure AGAINST malicious activity. Law enforcement at the local and state levels are typically not trained on how to identify suspicious activity around FIBER routes and vaults. Law enforcement personnel do not know where critical nodes are located, nor do they know how to authenticate legitimate maintenance personnel.
from CTI Consulting http://ift.tt/2f1weKQ
via IFTTT

Video shows 2015 machete rampage at New Orleans airport - CNN.com

It is a story that is over a year old, but it is good footage and should be a warning not just to airport screening check points but all check points. Machete's usually cost under 5 dollars, but are very dangerous. In African entire wars are fought with these things. He also had Molotov fire bombs in the bag he dropped just before the rampage.
from CTI Consulting http://ift.tt/2f1m9vB
via IFTTT

What You Need to Know About IoT Malware

There are a number factors as to why the IoT is becoming our number one cyber security vulnerability. One is they are usually made on the cheap, two they do not have enough code in them to provide a level of security, three they are often made in China, who is trying to undermine our nations cyber security, four even if not made in China the chips inside the devices often are made in China. Lastly many of us do not know the risks involved, and really want the new device to work easily, making it as they say plug and play. So often no passwords are even placed on the IoT devices. We all need to be careful when buying or using these devices, do we really need our Weight Scale to talk to us thru the Internet?
from CTI Consulting http://ift.tt/2ero2A9
via IFTTT

ISIS use improvised devices to target children as forces close in on Mosul | Daily Mail Online

I teach bomb classes all over the world, and people always ask me what a bomb looks like, here are a few. Now tell me what are we looking for. the answer things that do not belong there. Seeing a toy truck, or a teddy bear, in a place you would not expect them is part of the warning. To target children with these is just off the charts, but they are doing it, and we all need to keep our eyes open for this type of attack. AQ has attempted to use fire extinguishers a number of times in the USA. In both case our law enforcement officers caught the attackers, by questioning the reason for them to be carried into the country. Bombs can be made to look like anything, it is up to us to notice when an object does not fit the pattern or place we find them. It does not mean each thing is a bomb, but it does mean we need to be suspect of it, till we or someone else clears it.
from CTI Consulting http://ift.tt/2fwh2pS
via IFTTT

12 Pioneering IoT And Virtual Reality Startups Getting Investments From Intel Capital - Page: 1 | CRN

Both the IoT firms listed as being from China are focused on Smart Homes and Smart Cities, both allowing for possible control remotely of these Homes, Offices, and even Cities. China used Smart Thermometers and a very inexpensive HP wireless computer to hack in the American Chamber of Commerce offices twice. The FBI and the Homeland Security folks went in and cleared out all the hacks to the system, in two weeks they where all back, coming from two of the IoT items in the office. We really need to be careful on what we hook up to our systems.
from CTI Consulting http://ift.tt/2f9qNG8
via IFTTT

Lenovo In Talks With Fujitsu On Japan PC Pact As Market Share, Margins Are Squeezed - Page: 1 | CRN

The USA Government just issued a warning to Staff and Contractors on using the Lenovo computers, since they have been determined to have trap doors that let the Chinese Intelligence agencies into your systems. Now we will have to look at the Fujitsu brand as well. Warning this Post was written on a Lenovo computer.
from CTI Consulting http://ift.tt/2f54q5M
via IFTTT

Australian Red Cross apologises for massive data leak | ZDNet

Insiders say this has happened at least twice so far from Obama Care related databases. Most do not really care, but Identity thieves love these data bases. It has personal data that can be used for Identity fraud types can really use. It is a brave new world, but with the DOD and the White House fending off thousand of attacks a day, can we really expect a health care data base to be secure? Unfortunately Cyber Security Experts tell us the horse is already out of the barn, all that health care data is out in free space available to anyone with the knowledge to go get it.
from CTI Consulting http://ift.tt/2eVYtbt
via IFTTT

Saturday, October 29, 2016

How Podesta's Gmail Account Was Breached | The Smoking Gun

We all have to be very wary of any "change password" emails, Podesta's staff fell for the Phishing scam, but so are people all over the world every day. I have a lot of security on my computer, and get attacked virtually every 15 minuets are so. The chances of getting hit by a successful attack, are almost 100%. In the past week, the vulnerability called the Atom Bomb attack was reviled, which exploits a path past virtually every security system out there. You also found that the US Government has suggested that no one working with the Government should use Lenovo computers, they have found Chinese have put vulnerabilities into the computers, this post is being written on one of those Lenovo computers. I think you and I need to be realistic and understand the vulnerabilities of our computers, telephones and everything else hooked up to the internet at this time. Post is beining written on a Lenovo computer.
from CTI Consulting http://ift.tt/2eMH7xi
via IFTTT

Friday, October 28, 2016

You Can Hijack Nearly Any Drone Mid-flight Using This Tiny Gadget

More good news to make your weekend, not quite as easy as it sounds, but it is pretty easy. It is attacking the Radio Frequency controls and firmware commands of Drones. The attack is on the:DSMx which is a protocol used to facilitate communication between radio controllers and devices, including drones, helicopters, and cars. Please notice the car's it is talking about toy cars, but the idea is expanding.
from CTI Consulting http://ift.tt/2dTVSfX
via IFTTT

AviationNews.net

This is great news for Airports and the Contractors that serve them. There is a great need for airports to upgrade, and now they may have the funds to do it.
from CTI Consulting http://ift.tt/2eXOguX
via IFTTT

This Code Injection Technique can Potentially Attack All Versions of Windows

Here is some great news to go into the weekend with. This can beat any security system you have on your windows PC, at least that is the claim, and so far no patch would work, since it attacks key design of the windows system.
from CTI Consulting http://ift.tt/2ej5IsL
via IFTTT

NIST Publishes Final Guidelines for Protecting Sensitive Government Information Held by Contractors | NIST

If you are looking for ways and ideas of securing your home or office systems, this is a great foundation to use. It is only required for Federal Contractor and such, but it is a good program for all of us to use, if only parts of. I suggest you at least read through it, a lot of good information is here.
from CTI Consulting http://ift.tt/2eZfgJo
via IFTTT

Philippine mayor, 9 bodyguards killed in police shoot-out - Channel NewsAsia

You always need to be careful of who you are working for as a bodyguard. In this case Police are shooting bodyguards and their client, not a great position to be in. You can argue who was in the right, but the client and bodyguards are dead, just be careful.
from CTI Consulting http://ift.tt/2eMKNBX
via IFTTT

Malware from Friday's DDoS attack continues to harass in short bursts | PCWorld

This type of attack has been coming for sometime, what we need to stop and think about, is these bot's have been in place in all these Internet of Things (IoT) for sometime, and not to harass a few people, they are there for a large scale attack on something critical. Like Wall Street exchanges, or DOD defense controls. That it did happen to these not as important targets, means either some hacker kids decided to use them since they are there, or some big player wanted to test the attack plan, to see how it worked. In either case we need to deal with this problem. For home owners go out an buy a cheap router and do not hook it up to the internet, just use if for your devices at the home like the refrigerator, the thermostat, other items in the home using the IP connections that you do not need to have connected anywhere but in the home, or office. When we design security systems we try and keep the systems off the internet, even away from non security systems like admin and such, you can do the same for your home, your cheap router can handle your security systems, record them so you can see what is going on, with out putting it on the internet. There are some cheap cameras out there that even experts have not been able to close all the loop holes in them for the hackers. If possible try and keep your systems hardwired not wireless as much as possible, this takes away even more vulnerabilities, but make sure when you do you turn off the wireless capabilities from the devices, or hackers in the nearby areas can still use them to get into your system, but they would have to be in the area. CTI has developed a basic construction or renovation standard for business on implementation of non wireless devices, that we would be glad to share with you if you need it.
from CTI Consulting http://ift.tt/2eXeAFB
via IFTTT

Thursday, October 27, 2016

Why studying security in college is a waste of time

Security training is always a very hands on prospect, and firms like ESI have both college credits and work with veterans college funding, but if I were young again I would like to have finished a traditional college as well.
from CTI Consulting http://ift.tt/2eKReme
via IFTTT

Securing the Third Presidential Debate 2016 -- Security Today

Ok, now we have drone protection, you-all can put away your shotguns. Or maybe not, I am a big believer in ground radar for helping with protection, but for drones, not so much, sorry. The USA and Israel use ground based radar to extend perimeter security over the boarder and as well as for keeping area clear of unwanted people. The are effective, and really should be used more, I am not sure what this system can do in that regard, but will check into it.
from CTI Consulting http://ift.tt/2eQNEaT
via IFTTT

New Scanners and Conveyors Could Make Airline Security Faster and Safer - Bloomberg

The biggest part of the new agenda for screening check points, is the same cat scan type technology for screening check points as they are using for checked baggage. It was and has been a goal for TSA since it's inception, but the cost, size and weight of the machines made it impossible. But through the years some vendors have come up with smaller cheaper machines that did not weigh as much. This puts them in the right place to perhaps make this happen, but still size and cost are still hard problems to surmount for replacing all traditional x-ray systems at check points. Even with a lower cost, they are usually 10 times the cost of x-ray systems, and have much higher maintenance and testing costs as well. The size has come down, but we are still looking at a 35% bigger size at the moment. This would mean a 5 unit x-ray check point may have to down size by one maybe even two machines. It will be interesting to see how the thru put matches up. Now the automation of the bag belts, has from all reports been a success in the places it has been tried, but the story is still being written. I think an old lady or man is going to go nuts when all their stuff is moving away from them as they stand their trying to get the other shoe off. There is also the question of theft, crews of baggage thieves work airports all over the US, they have stallers, pass off people and the greatest bags to grab stuff off screening belts and walk away with your camera, even your whole bag. This new automated system would seem to be just what they ordered, as people are separated from their bags for periods of time. This should be an interesting Holiday season.
from CTI Consulting http://ift.tt/2eUx0Wf
via IFTTT

How to make Coloured smoke from Wax Crayons. Smoke bomb/ grenade for paintball, airsoft.. etc - YouTube

This has been around for a while in certain circles, but it is effective and very easy to do, skip the whole grenade thing, you could actually go to jail just making and carrying it. Just use the cardboard cylinder, a toilet paper roll will work but not as well as the heaver cardboard roll. I am not sure why more demonstrators have not used this more, it is effective, and would cause real problems if used inside a building or bus, or on the subway. Just one more thing we will have to keep an eye out for.
from CTI Consulting https://www.youtube.com/watch?v=fdeXcGkqT_4
via IFTTT

New Technology At Detroit Metro Airport Allows Travelers To Move Through Security Lines In A Flash « CBS Detroit

It is interesting to see Clear in airports again, they made a big push before TSA did Pre, but I have not seen so much of them since. TSA actually had a program like this for a while called registered traveler, it did the finger prints and eye scan, along with a picture on a Smart Card, at the time smart cards had relatively small storage, I think is was 2 or 3 megs, now they are avaialable with much larger storage. I used it at Houston's airport the most, but it was at other airports as well. Next to Pre I am not sure what this will buy you, to get the TSA to make a clear only lane, it would have to need room and staff, which most airports just do not have, nor does TSA have the staff., But lets see how it goes.
from CTI Consulting http://ift.tt/2e03kJG
via IFTTT

Wednesday, October 26, 2016

Military Warns Lenovo Poses Cyber Spy Threat

As I write this on an Lenovo laptop, I am wishing I had bought the HP. But once you really get into this Chinese manufacturing issue, as I have had to do researching for a Cyber Security Class I teach, you start to understand that this whole computer and router approach China still uses, has evolved into making chips for computer makers all over the world, Sony camera chips are made in China and then put in cameras made all over the world. The chip that allows for IP V4 to translate to IP V6 is predominantly made in China and has been found to break security of IP V4 traffic as it passes. Still this is of grave concern, and I am looking for a way to make this computer as safe as I can. I am running a spectrum analyzer around in for at least a few hours a day to try and detect any remote traffic, but even that is hard with all the IP traffic around so much of the time. We in the USA and much of the world have given over our chip manufacturing to China and other countries in the area, so I would hate to see what could happen if we ever did get into a war with China, would our IT infrastructure be turned on us. It is a real threat, and I am glad people with a lot more knowledge of the subject are on it for us. I wish them luck it is indeed a brave new world out there.
from CTI Consulting http://ift.tt/2eJQ9LF
via IFTTT

Airports seen adopting discreet screening measures to allay security fears | Reuters

This is in reaction to a lot of the attacks this and last year, and are needed to shore up our security at airports. The big question is what is the next attack going to look like, TSA and most Security Experts point to the insider threat vulnerability. There have been insider plots thwarted in the past, and if the rumors are to be believed a number are being monitored right now. The Nuclear Industry used to use three scenarios for attacks against them based on Insider Threats, none it found could really be stopped or even detected by technology, only by the constant awareness of fellow employees. I think this is also true of airports, hospitals, even court houses. Remember the attacker of the Pulse Night Club in Florida had previously worked at the local court house. The bomber of the Brussels airport, one of them, had worked off an on at the airport for years prior. We need to understand the insider threat and train our staff to report anything unusual.
from CTI Consulting http://ift.tt/2eEUBxM
via IFTTT

Warning! Your iPhone Can Get Hacked Just by Opening a JPEG Image, PDF or Font File

I know Apple users are very wary of moving to new software upgrades, but this time you really should. The newest upgrade seems to take care of this vulnerability, as well as some other security vulnerabilities. The growth of the apple brand has made it the one to go after for hackers now days, why pick on a lot of different android devices, when you can go after the apple and hit so many more.
from CTI Consulting http://ift.tt/2dXwUzF
via IFTTT

Temple Student Uses Target Gift Card to Get Past Security in 9 Buildings -- Security Today

Photo ID's are valid for small faculties that everyone knows each other and a stranger stands out. But even if the guards are watching carefully, picture ID's are easy to make and alter. Either give the guards watch lists of active cards, time consuming and hard to maintain, or go to an access control system that allows folks to either swipe in or let a guard swipe in, the guard is actually better because they then have to see the card and the person, if not stolen or lost cards can be used to enter. If you do go to just access controlled doors then you may want to add a PIN number to the card, so the user would have to know the PIN and have the card, this should be used on at least the outer doors to facilities and then it maybe acceptable to use just the card on inner doors. PIN's can be guessed or coerced, so if the level of security is that serious, consideration should be give to a bio metric system like a fingerprint instead of a PIN. In some very critical areas it is sometime prudent to require all three, the card, the PIN, and the bio metric, but this is normally only for very high security area. Each level of security can be helpful, and perhaps needed, but every system can be beat. Every bio metric system I know of has been beaten in the past, to include finger prints, to eye scanning, even facial recognition, so there is no silver bullet out there but each gives you a level of security over the other. One computer facility I work with has 3 bio metrics a person has to use to enter, and are considering adding a fourth. For campus security it maybe acceptable to use only a card, but just remember the vulnerability of stolen or altered ID's, which can lead to liability. It normally comes down to a cost issue, but cost issues do not stand up all that well in civil court cases after someone is hurt. But it still comes down to cost, and remember every system can be beat. The rule of thumb is what are other campuses in the area using, and then at least match that level of security.
from CTI Consulting http://ift.tt/2dLaaiV
via IFTTT

Hacking Firmware from Mobile Phone Hacking Company Leaked Online

So you want to hack a phone, for some reason some of the best forensic software possible has just been dumped on line for free. The parent company is not pleased, and it still is not certain if it is a hack, or some type of promotional gimmick gone way wrong. But if this is your thing, you may want to take advantage now, before someone wises up over there. By the way the bad hackers have access as well, so give that a thought.
from CTI Consulting http://ift.tt/2f7TFTR
via IFTTT

San Jose: Airport introduces robotic greeters

Another technology that is really coming to its own. As robots evolve their use grows, but this is using almost old technology to handle specific situations, like at the end of the Jetway as you come off the plane, this device can have the list of connections, and if asked, provide directions. Think of its use at Hospitals or any area where information is just needed to move you along. CTI is looking at a kiosk type situation to help people determine their next step in a process, now add this to the mix, and you can provide even more direction and help. Next to where robotics are at and going in the near future, perhaps it is time to make the older technology pay, and help people at the same time.
from CTI Consulting http://ift.tt/2eDetRN
via IFTTT

Delta's RFID luggage tracking system now includes a map view

This is another technology that is making great breakthroughs, mainly because of price breaks as the technology gets used more. Think of using it for radios of your security guards, so now you have a constant idea of the areas they are patrolling or tracking classified document at an agency or a law firm. With the proper price break the uses are unlimited.
from CTI Consulting http://ift.tt/2f5pX1Q
via IFTTT

AI-powered body scanners could soon speed up your airport check-in | Technology | The Guardian

It is exciting technology and we are just seeing the tip of the iceberg of what can be done with millimeter wave technology. It will be interesting to see what future trials will show. The waves do not stop on command, so they could reach other machines operating in the area, giving both false images. DARPA has been funding millimeter wave technology for at least 10 years. You may well see it show up in corporate security environments as well. The system could work thru the dry wall of a hallway, scanning people as they pass. It can also work out side looking for suicide bombers as they walk toward an establishment, or just walking down the street, if may not detect every little thing setup like that but it could catch a suicide vest or belt on a person walking down the street. The back scatter is somewhat like x-ray back scatter, so having a van with a scanner in it, could drive along a street and detect items on people walking down the street. A system that can drive by trucks, vans, and cars, looking for explosives already exists and is use in and around major cities. Technology is advancing, but we still need everyone to use their eyes and ears to help spot possible problems. In some cases this technology can help us move in on a person to determine if they are a threat with out ever letting them know we are checking them out. I can see this technology being used a sporting and entertainment events in the near future, perhaps a good stock buy for some of you investors. The Executive Protection field, should be keeping an eye on this technology for their use.
from CTI Consulting http://ift.tt/2eGoXyL
via IFTTT

Access Badge Concerns at US Airports - A Way Forward

I was interviewed by Cox Media today regarding the TSA's report on access badge problems at the airports. Their position is that because the airports are self-reporting their own data - which in some cases understates the number of lost or unaccounted for badges - that greater government oversight and controls are needed.

To understand what the TSA is looking at, you need to know how a modern US airport is secured. It's divided into several zones: public (where anyone can go), sterile (after the screening checkpoint before you get on the plane), and the secured and aircraft operations areas (the highest security zones).

The TSA's rules for access badges originated with the FAA's rule in the late 90s - predating 9/11 and much of the security technology of today. Basically it stated that any lost or unaccounted for badges should not exceed 5% for each type, otherwise you have to rebadge everyone. The concern was that a criminal or terrorist could use that badge to gain access to areas where they didn't belong.

This is a concern, don't get me wrong. But we should also understand that the most secure areas of major airports require not just a badge but at least one or even two more factors of authentication. It used to be you could swipe that badge and you're in. Now you have to swipe and enter a PIN, and sometime also a biometric like a fingerprint as well. So using a stolen or found badge will give the bad guy the appearance of access - he'll look like he belongs - but actual access is much harder to come by.

When viewed overall, the percentage of unaccounted for badges in an airport is extremely small - usually less than 1%. When you drill down and examine one area on its own, small fluctuations in badge numbers can become magnified. The biggest problem for airports is employees of the companies who work in the sterile areas: the McDonalds, the bookstore, the Starbucks, or the pretzel carts you see on your way to the gate. These are the lowest-paying jobs, and the workers are the most transient. When they leave, they will sometimes take the badge with them and never return it. Many hundreds - perhaps thousands - of old terminated badges are lying in junk drawers across America right now. Most companies will terminate a badge and pay a fine if it's not returned, but that doesn't help the airports.

The TSA holding the airport management's feet to the fire puts them in a tough position, because even if they don't self-report, the companies that operate within the airport do. Also, the ones in the sterile area are small businesses with fewer internal controls and less strict personnel policies. The airlines and tenants that operate in the most secure areas do not have the badge loss problems these smaller companies do. So instead of more regulation, I think airports need three things:

1. More training and better communication between company management and airport management.

2. Sharing of best practices between airports and guidance from aviation industry groups like the National Safe Skies Alliance, a non-profit (funded by the FAA) which acts as a resource for airport operators.

3. Better use and reporting of access control data captured in the course of everyday system use. Software is capable of detecting anomalies in badge use and can alert both the airport and company automatically within an appropriate timeframe for badge collection, or if an employee is possibly an insider threat. It can also notify stakeholders when unaccounted badge counts get too high, so that action plans can be implemented.

Ultimately the airports themselves will have to demonstrate the effectiveness of their programs in order to avoid greater scrutiny by the TSA. 

-TSH

Tuesday, October 25, 2016

FBI Announces Results of Operation Cross Country X — FBI

Excellent work by the FBI on tracking and catching these sex offender's of 82 minors. Any help that we can give to them in finding more of these sexual predators would be great. This is a business that rivals the drug trade for profit, and is world wide. We in many cases only have days to recover these children before they are sold overseas. It takes a lot of work and expertise to breakup these rings of traffickers, and we all owe a lot to the FBI for catching so many of them. We hear of cases of minors running away from home everyday, what is not discussed is what happens to runaways in very high percentages, and that is they end up in the sex trade or dead very quickly. Once into the trade, most never make it out. Guilt keeps a lot of young teens from breaking loose from the hold the sex trade has on them, they feel no one will ever love them again. We all need to work on helping at both ends of this horrible tragedy that is being carried out every day.
from CTI Consulting http://ift.tt/2e7UzLa
via IFTTT

Officials: Suicide vest, guns found at airport were 'props' - Washington Times

This is an ongoing problem for Security Trainers now days, flying with training props can land you in a whole lot of trouble. We used to be able to work this out with FAA Security Officials, but TSA just does not seem to want to work with anyone. If someone knows a way or contact with TSA that has helped it would be great. I usually have to buy and make my props locally these days.
from CTI Consulting http://ift.tt/2eD1fSn
via IFTTT

Monday, October 24, 2016

Germany: Government Blocks Major Tech Deal With Chinese Firm | Stratfor

This is the second time China has done this lately, and it is a good move. China is getting very aggressive with firms they have an over 5% stake in. Even with a less than 5% stake, they have used the stock leverage to get inside some of the largest companies. We all need to develop a raised awareness of any dealings with the Chinese, the lore of easy money has been a very big mistake for many firms, both in the US and EU.
from CTI Consulting http://ift.tt/2eoT1jd
via IFTTT

Friday, October 21, 2016

This Is Probably Why Half the Internet Shut Down Today

TrentonScottH : Massive DDoS attack slows or shuts down many US websites https://t.co/af1Mt5zZLZ
from CTI Consulting http://ift.tt/2ef2FXG
via IFTTT

Thursday, October 20, 2016

Top Gulf cartel boss known as "Comandante Toro" barely evades capture on the Texas border - JammedUp News

This was within an arms throw of the border, the black smoke from the tire fires was noticeable from our homes in Mission Tx. The use of tire fires to provide cover for escapes and attacks is fairly common, they used them in the Gaza Strip when I was there, I just did not expect to see them from my home, in Texas.
from CTI Consulting http://ift.tt/2exWAQJ
via IFTTT

Police Scan 117 Million Driving Licence Photos for Face Recognition Database

Not as dangerous as it looks, it can help, but a 1 to many, in this case 117 million many, is a hard to do search, as well the false alarm potential is extremely high. It can work, and bad guys can be found, but one in a data base that large is almost larger than the data set for facial recognition itself, making duplicates pop up a lot. It is a usable resource and I am sure some bad guys will be identified with it, I just would not shoot them based off this recognized face.
from CTI Consulting http://ift.tt/2eqgZJ3
via IFTTT

The Skeptical Bureaucrat: FBI = Folks Barging In

Low blow here on the FBI = Folks Barging In, but the situation is one we all need to look at. With out looking at the threat assessment that called for a vehicle barrier, one can not determine the barriers requirements, but as bad as this looks, if it met the threat level they are facing,one can only say ok, but if not, then either the barrier was given the wrong stopping level, or the assessment did not take in the total threat. But you need to be realistic on the threat or the costs can eat you up, and if not the gate where the barrier was, it would appear the fence associated with it, was far less protected. In the end the barrier was breached, but the vehicle was not going anywhere, so to me, it did the job, depending on the threat they felt they faced.
from CTI Consulting http://ift.tt/2dqWb6t
via IFTTT

Borderland Beat: Tijuana: Zona Norte the principal point of sale of drugs

Tijuana has seen a spike in crime to include murder and kidnapping. The control of the Plaza is the main point of contention, but also a small area of the city know as Zona Norte has become the local hot spot for drug sales in the city. Control of the drug sales in this area is also in contention with sellers switching sides (never a healthy move in Mexico or the USA) to which ever cartel or cartel sub leader gives them the best deal. Happens a lot in drug dealing but not when you are dealing directly with cartels, they tend to strike out. A Brownsville Grand Father did that and a box of pipe bombs was sent to his house. We all need to be aware of this rise in crime in Mexico, since it normally means it will spill over to the USA.
from CTI Consulting http://ift.tt/2do5ZhR
via IFTTT

China "Unswerving Leadership Over State-Owned Enterprises" Like Hikvision

This is very evident in the whole IT sector of China's Products. It's low cost cameras have let them into many home routers as well as many small business routers. This does not even take into account the number of compromised routers China has been able to get into some of the highest levels of Government as Businesses. We have been under attack for years now, the router investigation alone we over 10 years ago, and a number of people went to jail over it. The FBI unfortunately was one of the buyer's of the compromised routers as well, so you have to wonder what China knows of their investigations as well.
from CTI Consulting http://ift.tt/2dl1tQU
via IFTTT

Wednesday, October 19, 2016

With Focus on Mexico Border, Terrorists may be Entering via Canada - American Security Today

This is actually a fact, more actual and factual Terrorists with ongoing plans to attack have come over our Canadian Border. From the terrorist walking into the USA from Canada down the railroad tracks with a fire extinguisher in a bag, that hid and explosive device. To a year or so later when a State Trooper saw something wrong in the actions of a driver pulling into a rest stop, and found two fire extinguishers in the back seat in a bag, that also hid explosive devices, and had just driven over the border from Canada. Then go to the LAX millennium bomber who was caught leaving a ferry from Canada with explosive materials. There are others who have been caught on the Canadian side plotting to attack the US.
from CTI Consulting http://ift.tt/2dBGdVu
via IFTTT

www.sskies.org

TrentonScottH : CTI's study on Airport Breach Classification & Best Practices for Safe Skies has been published. #aviationsecurity https://t.co/hc0w8uX9Ja
from CTI Consulting http://ift.tt/2e2n9PH
via IFTTT

Tuesday, October 18, 2016

Oracle Releases Security Bulletin

Here is a major cyber company and they have issued a patch for 247 vulnerabilities, now does everyone have the knowledge, man power, and access to all their Oracle products to do the patch. And this is but one patch of many.
from CTI Consulting http://ift.tt/2eqf3hZ
via IFTTT

Mirai botnet is targeting also Sierra Wireless cellular data gear productsSecurity Affairs

This botnet is the same or very close to being the same as the botnet used to attack Kerbs on Security web site. The internet of things has two huge cyber security problems to overcome, before it overcomes us all. One is that to make them cheap they have virtually no software or hardware defense against cyber attacks. Two, for ease of use to most households, they default to no security when they malfunction. Which means they come back up working in most cases with no security on them, and the home owner rarely even knows the change.
from CTI Consulting http://ift.tt/2eumU2Y
via IFTTT

Student Finds Loaded Gun Left Behind by Officer - Campus Safety

No problems came of it, which is great, but it does point to the safety mindset, even non police carriers of weapons must have around schools
from CTI Consulting http://ift.tt/2effFJZ
via IFTTT

Survey: Businesses Overwhelmingly Concerned About Active Shooters in the Workplace, But Are Unprepared for Them -- Security Today

FEMA has a on line course that should be a good start for most businesses, there is also an draft Active Shooter Plan associated with it, that should give a business a good plan to start with. CTI can provide training , and if needed help you develop a plan for active shooters and other workplace violence issues.
from CTI Consulting http://ift.tt/2dLWSng
via IFTTT

New Airport Security Lanes Help to Diminish Long Lines -- Security Today

This will be one to watch, for travel savvy passengers, I think it will help, for the other passengers the learning curve is going to cause problems. Most checkpoints are going to have both systems for at least a while. We may have to go back to the lanes for frequent travelers and then the other lanes, at least for a while.
from CTI Consulting http://ift.tt/2eexJVt
via IFTTT

Dozens of flights worldwide delayed by computer systems meltdown | The Independent

This is another cyber attack on the Aviation system, one glaring problem is that there are so many devices working on both the airplanes and the airports that to close every loop hole is close to impossible. But we do need to make a concentrated effort to close these before another one of these vulnerabilities causes a lot of deaths and injuries.
from CTI Consulting http://ift.tt/2e9VHmr
via IFTTT

Monday, October 17, 2016

Airport Scanners Have Account Backdoors, Default Passwords | PCMag.com

This is an old article, but with the hackers getting into everything, this is one we should keep in mind.
from CTI Consulting http://ift.tt/XUvniF
via IFTTT

Darkweb marketplaces can get you more than just spam and phish | CSO Online

Here is for many the first real introduction to the hackers supermarket of off the shelf hacking products, by the way some of the hacks are given away, well you have to request them showing to the FBI and world what you are interested in. One FBI Cyber Specialist had me sit down at an old XP based system, and proceed to go on the Dark Web, download a wrapper with a malware attached, for free, and sent me an email from a person I know's account, they faked it, I opened the email, watched Santa come down the chimney, and presto chango the FBI agent had total control of the computer. He wrote emails for me, to friends of mine, he took and email I wrote and changed it before it actually got sent. Turned on the camera on the computer showed the room it was in, did the same with the microphone. It was amazing, and all from a simple download from the supermarket shown here. Just shows you do not mess with Hackers, or the FBI for that matter.
from CTI Consulting http://ift.tt/2epgA9u
via IFTTT

Insulin Pump Vulnerable to Hacking

This is not the only Medical device susceptible to hacking. Pacemakers todrug prescription machines have proven hackable. Not to mention lab testing equipment and drug dispensing equipment as well. Most Hospitals and Doctors offices are notoriously vulnerable to hackers, there's just so much of the new technology that is iP based, and often not secured correctly. It takes a lot of constant work to keep just basic security, then add to that software and firmware patches that are required regularly, it quickly becomes pretty unmanageable.
from CTI Consulting http://ift.tt/2eKu5Dx
via IFTTT

Backpack Bomb Found in Front of Nederland Police Station

Everyone should have basic training on dealing with possible explosive devices. Even walking up on one side can be deadly. These devices use timing triggers, remote control triggers, even anti disturbance devices. ESI or CTI have training available to help keep you and yours safer from devices like these.
from CTI Consulting http://ift.tt/2dfTqjt
via IFTTT

Today's IoT technologies are circling tomorrow's airports

This like most of the Internet of Things, or IoT as it is known, can be a blessing and a curse. Four Airports in the USA and many more around the world have, had viruses and or Malware introduced via Internet that have affected airports, airlines, even the FAA, ,to the point of shutting down critical systems for hours and in on case days. We need to go into this Internet of Things with our eyes wide open, and give a clear look at the vulnerabilities as well as the positives.
from CTI Consulting http://ift.tt/2eboS78
via IFTTT

Unsecured speeding cameras wide open to smart city hackers

There's simple fixes for most of these problems, but the sheer volume of IP cameras and other IP vulnerabilities in this brave New World of the Internet of Things, makes it a difficult job at best. But if we don't get a handle on it, the damage that could be done will be devastating. Passwords are the first step but getting these cameras off the Internet is going to be necessary, put them on internal city networks will help, then the passwords can be more effective.
from CTI Consulting http://ift.tt/2em7DMS
via IFTTT

Saturday, October 15, 2016

Police: 7 killed, 14 wounded in Chicago weekend shootings | Chicago Sun-Times

We all need to find a way to end this mess in Chicago, there are possible solutions, a small suburb near Chicago has seen an 85% reduction in crime. and more importantly an almost total end to gang violence. It may not fit in Chicago, but it could perhaps be modified to work, we have to try something. In a world of rising crime, new methods are needed to combat it. Security needs to evolve just as crime continues to do, we have seen methods such as stop and frisk almost totally stopped in some cities. When in fact Stop and Frisk has been a tried and tested in the courts method for years. Normally known as,“Detain or Restrain a person or property for a reasonable means or period of time in order to confirm or dispel suspicion under principals of Terry v. Ohio”. Which is a court case that was expanded over the years in a series of other court cases, not deemed unconstitutional. It perhaps was abused at times. which is why in the end the Stop and Frisk as had came to be known did get on the bad side of a Judge. Lets get back to Terry v Ohio, it is still being used, it is a valid crime reduction method. It just has to be used judiciously as it was intended. Chicago has also been perhaps trapped in a crime reduction program called the Chicago Method, developed by Chicago University if I have it correctly, it pays Church's and citizen organizations like the one's President Obama started out with in Chicago. The method is not working from what the world can see. But to stop the flow of funds to the Churches and other organizations would hurt their cash flow, and no one is ready to get on the bad side of these Churches and Organizations. We need to find a way to keep paying them, yet try and move to other crime reduction methods. It can not be certain that anyone in use at the moment will be a perfect fit for the Chicago problem, but things can be tried and tailored to work, or at least reduce crime to some level, below what it is now. But as we started with, we (the world or at least the USA we) need to stop or at least reduce the crime in Chicago. A contact for the method being used just outside of Chicago is the Bensenville Police Department at 630-350-3455 or email Officer Joel Vargas at jvargas@bensenville.il.us Let's make a move to stop the Gang Violence.
from CTI Consulting http://ift.tt/2dRGMva
via IFTTT

Friday, October 14, 2016

TSA Precheck vs Global Entry: Which One Is Best For You?

TrentonScottH : Trusted travelers programs - which one is right for you? https://t.co/3RiJn1n2TV
from CTI Consulting http://ift.tt/2e84P6H
via IFTTT

No Injuries After Legoland Bomb Threat (Learn More) - American Security Today

Businesses have to learn to deal with bomb threats, this threat evacuation was very costly, we do not know the wording of the written threat, but we do know most threats are false in the USA, over 90%. Not evacuating can be devastating if even one life is lost. But ISIS and others are looking to see how these threats are handled, and responses like this lead them to tell their followers to make a lot more phone calls. Blackmailers are also watching these events to see if they can use threats to gain money, this was tried recently at an airport on the border, the threat was an email, which has much been the most used recently. Finally look at businesses in competition to your business, with a few phone calls, they can cause you many millions in losses. At some point businesses have to make valid decisions on handling bomb threats. ESI just had a bomb threat class where students have been taught how to help corporations and executives deal with bomb threats, Using a method to evaluate a bomb threat can help you deal with them much better and justify your decision. Evacuation every time a phone call threat is made is going to bankrupt your business, but you can always fall back on the, we did not want anyone hurt, as your business goes out of business by evacuating, every time there is is a threat. Tough call but that is why you need to be trained or need to hire people that can help you evaluate the threat.
from CTI Consulting http://ift.tt/2e35wz5
via IFTTT

Thursday, October 13, 2016

Recording Reveals El Salvador's Gangs Planning Terrorist Attacks

This is not the first time we have seen gangs and cartels respond to heightened Law Enforcement actions. Mexican Cartels have escalated up to terrorist like wattacks in the past, and it is expected they will in the future. Gangs in the USA have been growing and expanding their violence capability for years, it can be expected that they will consider this type of push back in the future.
from CTI Consulting http://ift.tt/2e85x2Q
via IFTTT

How to become a Bodyguard! The MOST Comprehensive Training Available - YouTube

We have just finished a two day in depth training for Executive Protection teams on Explosives, from how they work, to how they are used, to how best to find them and or mitigate the damage they can do to a corporate executive. The students walked away with the skills to protect their clients of bomb attack. In addition they have the ability to help clients from Doctors Offices, to Court Houses develop Mail Room bomb threat plans, to include teaching people who handle the mail how to recognize and deal with suspect mail and packages. Add to this each student can help their clients of all types deal with bomb threat phone calls, emails or other threats. How to evaluate the threat for credibility and also how to use the threat to help track down the bad guy. Bomb blasts can destroy a business, so knowing what damage a bomb can cause from a brief case to a large semi trailer truck is critical. Developing reasonable stand off distances are needed, each student has the capability to give blast pressure levels, and what distance from what threat is needed to keep you and your business safe, These are skills every EP and corporate security teams need to have in this age of bombs being used by assassins and terrorists. The student had to pass a final test that showed how they worked as a team and as a single person in protecting clients from bombs. All have passed, and would be a great asset to any corporate or EP team that wants to have explosive protection skills. Well done folks.
from CTI Consulting https://www.youtube.com/watch?v=kdqSIxM_w2c
via IFTTT

CBS 4 News Rio Grande Valley

This myth that legalizing Marijuana will calm a lot of the violence needs to be held up against the legalizing of alcohol after prohibition. The gangs did not stop, or even slow down, they just moved to other criminal enterprises. The new up and coming young turks of the drug trade have already figured this out, hence the incredible rise in Oil thefts, kidnapping, human trafficking. There is also the problem of tax, the gangs for the prohibition era found that it was still very profitable to bring in alcohol they could bypass taxes with, and pocket the difference. This moved to cigarettes and other consumables. So no the legalization of marijuana or any other drug will lower crime, it will just make the bad guys move to another illegal activity, and often a more violent one. The way to stop bad guys is to go after bad guys.
from CTI Consulting http://ift.tt/2dVWdBy
via IFTTT

Monday, October 10, 2016

Man who Killed Palm Springs PO's had Body Armor/Gun Magazines - American Security Today

We all need to keep these officers in our prayers. We all also need to keep our eyes and ears open for information of someone planning an event like this, it rarely ever happens in a vacuum, some one almost always was aware of the attack before it happen.
from CTI Consulting http://ift.tt/2dsfjNG
via IFTTT

The Philosophy of Security: New York bombing: Suspect Ahmad Rahami 'may have been radicalised after visiting Afghanistan', as video emerges of him dragging bag in Chelsea

One of the explosives we will be analyzing is the HMTD home made peroxide based explosive used or thought to be used by the New York Bomber last week.
from CTI Consulting http://ift.tt/2d8Mkx7
via IFTTT

Alabama Corrections Officer Stabbed by Inmate Dies | Officer.com

When I did the Training film Disguised Weapons, we focused in on many knife edged weapons. In one situation after the film was being used, I gave an ex convict a chance to show me how many edged weapons he could make past an airports screening check point, we stopped counting after 50, then we did the same thing from the point of entering the plane, to the lavatory in the back, and once again we stopped counting after 10, all simple to fashion with available pieces of the plane. All this to point out, please do not count on the screening process of any system, Airports to Courthouses. Disguised and improvised weapons are out there and available, so please be careful and be ready to deal with the edged weapons threat.
from CTI Consulting http://ift.tt/2e1Q4a8
via IFTTT

Saturday, October 8, 2016

IAHSS Announces New Certifications, Manual for Healthcare Security Officers - Campus Safety

Keeping up to date on Certifications is important these days
from CTI Consulting http://ift.tt/2db5tBQ
via IFTTT

Beartooth

I am always on the lookout for new technology that can backup the cell phone, if a cyber war starts, know one of the first hits will be to our cell phone grid, this maybe away to at least keep in limited touch. 5 miles maybe a bit of a stretch but it should work like any other radio system in the 900 mhz range. The data should go a bit further, how much would depend on your location. I have not tested one of these yet, but would like to hear from someone that has. It seems to be a good fit for an EP team, since it basically works as a two way radio, with the added help that it has some type of encryption (probably very basic) and has its own power supply that can double as a backup supply for your phone. I am just going off the advertisement, so buyer beware, at least till we can get some better reviews on the device.
from CTI Consulting http://ift.tt/291EskW
via IFTTT

Friday, October 7, 2016

Chicago police officer feared using gun while being attacked | abc7chicago.com

I am glad she survived, but actions like this puts her fellow officers at risk as well. If shooting is required, they should do it immediately, before someone else gets hurt.
from CTI Consulting http://ift.tt/2dJ71o1
via IFTTT

United States’ FAA outlines PBN-centric vision | Air Traffic Management | Air Traffic Management - ATM and CMS Industry online, the latest air traffic control industry, CAA, ANSP, SESAR and NEXTGEN news, events, supplier directory and magazine

The move to this technology has been in progress for years, but still the cyber security issues are immense, China has made this technology a priority for their attack teams. No one has really come forward with an explanation of how a South Korean chopper drifted of course and was shot down by North Korea a few years back, but some initial reports centered on a hack of the GPS systems involved. Chinese documents show that they have had some success in hacking the system. This was verified by the USA in the last few years. They are attacking various parts of the GPS, and ground based guidance systems to be used. It should be dicey, since the Chinese are basing their systems on the same technology.
from CTI Consulting http://ift.tt/2cXifW4
via IFTTT

TSA administrator ‘a huge fan’ of third-party canine cargo screening

This could be a huge opportunity for K9 firms, it will be interesting to see the testing and training requirements for these 3rd party K9's. Training on the homemade peroxide based explosives can be both dangerous as well as having some possible legal issues.
from CTI Consulting http://ift.tt/2dRIWHY
via IFTTT

Obama Released Afghan Soldiers Into America - Bill of Rights

This program and others like it have been going on for years, and for years a small percentage have gone AWOL most joining the ranks of illegal immigrants immigrants in the USA. But for the most part they were from South America, and believed in the American way of life, still when found normally deported ASAP. Their sponsors, DOD or State Department, just want them handled quietly behind the scenes. The reason these students are a possible problem, is they well could be folks that want to cause us harm, we just don't know.
from CTI Consulting http://ift.tt/2dRymkd
via IFTTT

Wednesday, October 5, 2016

Powerful NSA hacking tools have been revealed online

It is not known who released these hacking programs, but they appear to be the real thing. There's more info on the NSA in this article than I am sure NSA is comfortable with, but with Snowden's dump the Russian and Chinese Intelligence Agencies probably have a lot more.
from CTI Consulting http://ift.tt/2b34DTq
via IFTTT

ISIS Calls for Random Knife Attacks in Alleys, Forests, Beaches

ISIS is promoting the use of knife attacks a lot now days. There's actually a lot more State and Local laws restricting the carry of knives than fire arms. So a good first step in stopping knife attacks is reporting people carrying them. Many Police are not that clear on knife laws, you may have to educate them as you report it. Not all knives have restrictions, it normally goes by length of blade and if it is a folding knife by how it opens, and at times how the blade locks in place. Some laws also have restrictions on the type of blade, for instance double edged blades can be restricted. You need to know the laws in your area. Most knives talked about in this article, would be illegal to carry. Next is getting out of danger, personally I consider knives for the most part more dangerous than firearms. So running is always a good start. Getting things between you and the knife carrier also helps, like doors, tables, even chairs, anything that keeps the blade away from you. If you have even a small knife, ,it can help to keep them at a distance, but engaging is almost always a bad move. If you have a firearm, you need to understand that Police tests have shown that even a trained Police Officer can not pull and fire a weapon if the attacker is closer than 2o feet from you. So even armed you should go back to the first two options, running and getting something between you and the attacker. The difference being now you are looking for time to draw the weapon and get it into firing position. There are some videos in the article on fighting people with knives, I would suggest you go back to options one and two. Put on an old shirt and have someone attack you with a deadly magic marker, now look at all the magic marker marks on you and your shirt, it isn't as easy as the video depicts. Hope this helps.
from CTI Consulting http://ift.tt/2dJrrtp
via IFTTT

Tuesday, October 4, 2016

CBS 4 News Rio Grande Valley

This apprehension happen by one person making a critical tip to Law Enforcement. This is how we get back our security and safety in the USA. The eyes and ears of our USA Citizens, is our greatest strength.
from CTI Consulting http://ift.tt/2d1SpP2
via IFTTT

Monday, October 3, 2016

A Smarter Approach to CPTED

Every school from elementary to university's should be considering CPTED principles to reduce vulnerabilities in an effective cost saving approach. If you add to this your elderly and low income housing projects, cities and states could recognize safer communities with reduced costs for implementation. Call or email CTI for ways your team can get started.
from CTI Consulting http://ift.tt/2dEIlOK
via IFTTT